This guide is obsoleted now as this capability is included in default installation of visual traffic. In latest version we use Clickhouse powered notifications instead of InfluxDB.
In this guide you can enable attack notification in FastNetMon. This guide assumes that you configured InfluxDB properly using Visual Traffic guide. This capability is available only for FastNetMon Advanced.
It will look like:
Please open any dashboard where you need this information (we suggest using “FastNetMon Advanced Total traffic”). Then find button with gear sign on top of screen and press it.
Then select “annotations” on left panel and press “Add Annotation Query” button.
Name: FastNetMonAttacks Data source: InfluxDB
select title, tags, text from events where $timeFilter
Text: text Tags: tags
And save all changes with “Save” button on left side.
You need to use following mode from FastNetMon to enable this feature :
sudo fcli set main influxdb_attack_notification enable sudo fcli commit
Finally, please test integration using ban function for some test IP address (be careful, FastNetMon will block it!):
sudo fcli set blackhole 126.96.36.199